Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

The SSL In OsCommerce Guide For The Innocent


Simplyeasier

Recommended Posts

well it was not from godaddy after all. anyway how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)? ared there files I should be able to see? should that env.php be telling me something?

Link to comment
Share on other sites

  • Replies 401
  • Created
  • Last Reply
FlyingKites,

 

you need to run your env.php from the domain of the https server

 

Yes, those results don't look like they came from an https url at all.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

how can I tell if the certificate has actually been installed properly on his server (outside of oscommerce)?

 

Simple.

 

Just look at any old plain html page on the server through the https address.

 

If you can see it without getting an error and you get a solid padlock the ssl address is working.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Has anyone come across this problem..

 

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, thats logos, 1pixel.gif's, icons, product images etc etc.

 

Also, in the admin side when secured it gives this error and dispays no images..

 

Error: Catalog images directory does not exist: //public_html/store/images/

 

I am probably wrong but it looks to me like a path error? I have moved '/' about in the config.php's but to no avail.

 

I have tried as many as I can of the different configs kindly posted here and the base 'on' on line 41 seems to be the best for my server setup with the results from AlanR's helpful myenv.php report.

 

I installed a vanilla osC to test again and its still the same..

 

Anyone had this problem and managed to fix it?

 

Any help gratefully recieved.

Link to comment
Share on other sites

Has anyone come across this problem..

 

When I have shared SSL working correctly (padlock closed) it will not display ANY images in the catalog SSL side, thats logos, 1pixel.gif's, icons, product images etc etc

 

Repost your question in Installation & Configuration. If we turn this thread into a clone of an I&C thread it becomes less useful for future readers, they'll have too many posts to wade through.

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

Need help on the SSL configuration here. My site is under testing with a test SSL cert. The security locks disappear immediately after the page is loaded eg. at the login page. Below is my configure.php settings:

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://www.blueseatackle.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://blueseatackle.com'); // eg, https://localhost - should not be empty for productive servers

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.blueseatackle.com');

define('HTTPS_COOKIE_DOMAIN', 'blueseatackle.com');

define('HTTP_COOKIE_PATH', '/');

define('HTTPS_COOKIE_PATH', '/');

define('DIR_WS_HTTP_CATALOG', '/');

define('DIR_WS_HTTPS_CATALOG', '/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

define('DIR_WS_DOWNLOAD_PUBLIC', 'pub/');

define('DIR_FS_CATALOG', '/domains/blueseatackle.com/wwwroot/');

define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

Hope some expert can solve my problem.

Link to comment
Share on other sites

Hi all.

 

I am pretty sure I know what I am doing with the SSL and all. But I do have a question.

 

I am questioning whether I should have my certificate made for 'www.mydomain.com' or just 'mydomain.com'

 

I am assuming, that given the changes to the code, if a user were at http://www.mydomain.com and proceeded to checkout, they would be sent to https://mydomain.com.

 

define('HTTP_SERVER', 'http://www.yourdomain.com'); // eg, http://localhost - should not be empty for productive servers

define('HTTPS_SERVER', 'https://yourdomain.com'); // eg, https://localhost - should not be empty for productive servers

 

so everything would work out fine.

 

But for people on the other side of the world, buying my products, they may need the www prefix before mydomain.com. So consider that they need the www and that they are surfing http://www.mydomain.com. They go to checkout and are reditrected to https://mydomain.com (no www). Wouldnt this create a problem for them in not being able to access my site?

 

So if this is true, which it very well may not be (I have never tried to access a U.S. site from the other side of the world or vice versa as far as i know).....

 

If this is true, then should I have my certificate made for www.mydomain.com? and change the HTTPS_SERVER code to include the www prefix?

 

Someone knowledgable help me please :D

 

Thank you in advance,

Chris

Link to comment
Share on other sites

This has been a great source of information. Thank you to everyone.

 

Having spent the last hour reading, i now have my index page showing as https. BRILLIANT.

 

BUT..........

 

When i click on one of my products and all other pages are showing as http

 

WHY ?

 

I changed my configuration to read the https server define information.... and everything else i need to change....or so i thought.

Take a look at my config file and if someone could check it for me ?....I think its correct, but not sure why the rest of the site is not showing as http except the index page?

 

  define('HTTP_SERVER', 'http://www.belly-unique.com'); // eg, http://localhost - should not be empty for productive servers
 define('HTTPS_SERVER', 'https://secure.hosts.co.uk/~belly-unique.com'); // eg, https://localhost - should not be empty for productive servers
 define('ENABLE_SSL', true); // secure webserver for checkout procedure?
 define('HTTP_COOKIE_DOMAIN', 'www.belly-unique.com');
 define('HTTPS_COOKIE_DOMAIN', 'https://secure.hosts.co.uk/~belly-unique.com');
 define('HTTP_COOKIE_PATH', '/');
 define('HTTPS_COOKIE_PATH', 'belly-unique.com');
 define('DIR_WS_HTTP_CATALOG', '/catalog/');
 define('DIR_WS_HTTPS_CATALOG', '/catalog/');
 define('DIR_WS_IMAGES', 'images/');
 define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
 define('DIR_WS_INCLUDES', 'includes/');
 define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
 define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
 define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
 define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
 define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

 

Thanking you ALL in advance for any help with this :rolleyes:

Link to comment
Share on other sites

Just to add that i find out that the checkout and account login IS HTTPS....but the products on display are not.....i guess this is correct ?  :blush:

 

 

DAMN......... now when i click on CHECKOUT...... the page cant be found ?

 

WHY WHY WHY ??????????

 

Please help with this one as this is crucial at the moment..... :'(

Link to comment
Share on other sites

I'm finding an odd problem with shared SSL (ie. a shared certificate offered by the hosting provider). The shop itself works perfectly with the shared cert, no problem. The administration area displays properly, but if I try to make any changes to an admin area (say, a shipping price) the value for that option gets wiped out entirely. This happens on all carts with a shared cert. Unfortunately, getting the client off the shared cart is not an option. Anyone else seen smiliar behaviour?

Link to comment
Share on other sites

  • 2 weeks later...

I have a bit of info that may be useful to some.

 

There are 3 files that I had to edit in order for my SSL to work properly. So far (and i may be mistaken), I have only seen 2 main files being mentioned. (and of course catalog/includes/application_top.php for checking if ur server settings match the ur code.)

 

Here are the files I had to edit:

1. admin/includes/configure.php

2. catalog/includes/configure.php

3. catalog/includes/local/configure.php

 

Once I editted all three of them, it worked flawlessly.

 

My Conficuration:

Godaddy certificate.

Hosted with Hostexcellence.com

osCommerce 2.2

Link to comment
Share on other sites

  • 2 weeks later...

I've got a little update on the little diagnostic file I posted here:

 

http://www.oscommerce.com/forums/index.php?sho...23entry672623

 

We had a user who had that version of that little myenv.php script come up completely blank on a dedicated ssl except for $HTTP_HOST, a test I didn't put in worked. So here's a slightly different version. It's got the tests more explicitly set out (easier to see what works and what doesn't) and it adds $_SERVER['HTTPS']

 

I threw in the document root queries for free. ;) (They're not really needed for the ssl fix)

 

Most of these things can be found by examining phpinfo.php but this puts them all together in a simple easy to understand way.

 

You can still name the script myenv.php or whatever you like. Check my previous post (linked above) to see how to use it.

 

 <?php
echo '$HTTP_HOST == ' . "$HTTP_HOST";
echo '<br>$HTTPS_HOST == ' . "$HTTPS_HOST";
echo '<br>getenv(\'SERVER_PORT\') == ' . getenv('SERVER_PORT');
echo '<br>getenv(\'HTTPS\') == ' . getenv('HTTPS');
echo '<br>getenv(\'HTTP_X_FORWARDED_SERVER\') == ' . getenv('HTTP_X_FORWARDED_SERVER');
echo '<br>getenv(\'HTTP_X_FORWARDED_HOST\') == ' . getenv('HTTP_X_FORWARDED_HOST');
echo '<br>getenv(\'HTTP_X_FORWARDED_BY\') == ' . getenv('HTTP_X_FORWARDED_BY');
echo '<br>$_SERVER[\'HTTPS\'] == ' . $_SERVER['HTTPS'];
echo '<br>getenv(\'DOCUMENT_ROOT\') == ' . getenv('DOCUMENT_ROOT');
echo '<br>$DOCUMENT_ROOT == ' . "$DOCUMENT_ROOT";
?>

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)

Link to comment
Share on other sites

God bless your heart AlanR!!!!!!!!!!!!

 

I've been trying to figure this out for 4-5 days, finally did a search on the board and found your posts. My problem was solved by adding

 

$request_type = (getenv('SERVER_PORT') == '443') ? 'SSL' : 'NONSSL';

 

in application top.

 

Thanks again!

Link to comment
Share on other sites

OK, I'm not getting it.

 

I've set up certs using cpanel ssl manager. The cert is for myaddon.com

I've done a fantastico install into myaddon.com/store

 

Since this is an addon domain, the install is actually in /home2/mydomain/public_html/myaddon/store

 

I've looked at the includes/configure.php and the HTTP and HTTPS SERVERS were all set to no www.

I've tried all 4 combinations and have not succeeded.

 

It shows as secure, but always responds "/store/create_account.php was not found on this server".

Link to comment
Share on other sites

  • 2 weeks later...

Hello,

 

If you would to https://terfex.com/account.php on my store you will be told "the page contains both secure and non-secure items" and I want to remove this.

 

This is because of the paypal and visa pics on right side of my store.

 

Please tell me that how do i get rid of this message... please tell me step by step as i m new and i know this is an easy job but i still dont know how to go about this.

 

 

Bye

Link to comment
Share on other sites

Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

Link to comment
Share on other sites

Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

 

 

i've been having the same problem, anyone know a fix for this?

Link to comment
Share on other sites

Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

 

I have the same problem, I read every single messeges in this thrade but nothing helped...

?,???`???,?? God must love stupid people, he made so many ??,???`???,?

Link to comment
Share on other sites

Hi..

my configure.php content is as follows.. my admin configure is similar .. Do I need to change anything else so that once a user goes from checkout_shipping to checkout_payment.php, they should get to the SSL enabled page?

 

// Define the webserver and path parameters

// * DIR_FS_* = Filesystem directories (local/physical)

// * DIR_WS_* = Webserver directories (virtual/URL)

define('HTTP_SERVER', 'http://scrapmode.com');

define('HTTPS_SERVER', 'https://scrapmode.com');

define('ENABLE_SSL', true); // secure webserver for checkout procedure?

define('HTTP_COOKIE_DOMAIN', 'www.scrapmode.com');

define('HTTPS_COOKIE_DOMAIN', 'scrapmode.com');

define('HTTP_COOKIE_PATH', '/osc/catalog/');

define('HTTPS_COOKIE_PATH', '/osc/catalog/');

define('DIR_WS_HTTP_CATALOG', '/osc/catalog/');

define('DIR_WS_HTTPS_CATALOG', '/osc/catalog/');

define('DIR_WS_IMAGES', 'images/');

define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

define('DIR_WS_INCLUDES', 'includes/');

define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

Link to comment
Share on other sites

Hi, I made a post a little while back. I got my SSL working great in my catalog. But I have a problem with ssl in my admin directory. Something is not configured correctly in my admin files.

 

I can log into my admin dir using https://mysite.com/admin. But once i click on a link, say 'configuration', it goes to http://mysite.com/admin/configuration.php...

 

Does anyone know, really know, what files need to be edited and how in the admin section?? This would really help since my store will launch soon and dont want my customer's credit card info being transfered un-encrypted....

 

Thank you very much in advance.

 

Chris :thumbsup:

 

Can anyone offer an answer?????? Someone has got to know, and it cant be that hard.... :D

 

Chris

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...